auto-loop

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The initialization logic in SKILL.md contains a shell command injection vulnerability. It uses an unquoted heredoc (<< EOF) to write the $ARGUMENTS variable, which contains raw user input, directly into a configuration file (checkpoint.json). In shell scripts, a heredoc whose delimiter is unquoted is subject to parameter expansion and command substitution, so any malicious payload such as $(curl ...) or `command` supplied in the user's task request will be executed by the system during the initialization phase.
  • [PROMPT_INJECTION]: The skill is designed to autonomously execute a Test-Driven Development (TDD) loop based on user-provided "Acceptance Criteria," creating a high risk for indirect prompt injection.
  • Ingestion points: User-supplied task descriptions and acceptance criteria via the /auto-loop command in SKILL.md.
  • Boundary markers: None. The skill does not use delimiters or instructions to prevent the agent from obeying instructions embedded within the processed data.
  • Capability inventory: The skill performs file system writes and edits, shell command execution for testing and git commits, and delegates tasks to other agents like code-reviewer and debugger.
  • Sanitization: None detected. The skill accepts raw text and parses it directly into an operational state for the autonomous loop.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 25, 2026, 01:13 PM